LET’S ENCRYPT is a certificate authority (CA) that provides free SSL certificates for enabling HTTPS on web servers.

In this blog, we will use CERTBOT to obtain a free SSL certificate for Apache on UBUNTU.

We recommend creating a copy of Apache virtual host files to avoid mistakes and maintains the default files as a backup config.

Step 1 : Install CERTBOT

The first step to install the CERTBOT on your server.

To add the repository run following command in terminal.

sudo apt install python-certbot-apache

Step 2 : Configure SSL Certificate

CERTBOT needs to find the virtual host in Apache configuration for configure SSL.

It's require a ServerName that matches the domain you request a certificate for, we can find that configuration at following path :


To edit / open configure file use nano editor, use following command for same :

sudo nano /etc/apache2/sites-available/000-default.conf

Now find ServerName & put domain name after that, if you not found ServerName then add this at end of file.

Save & exit nano editor by control + X.

Now, verify above configuration by following command :

sudo apache2ctl configtest

If you get an error then reopen the file and check for any error.

Next, reload Apache to load the new configuration by following command :

sudo systemctl reload apache2

Step 3 — Enable HTTPS

If system has the firewall enabled, we will need to allow for HTTPS.

We can see current status by following command :

sudo ufw status

To let HTTPS traffic in, we need to allow "Apache full" in system config, run following command one by one :

sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'
sudo ufw status

Step 4 : Fetch an SSL Certificate from CERTBOT

Fetch SSL certificate for domain by following, replace your domain name in following :

sudo certbot --apache -d -d

Above command will ask for some option like redirect all traffic to HTTPS or not. Select your option and go ahead.

When process done CERTBOT will show some information about your domain with SSL certificate.

Now, check your domain with